I want to connect directly from localhost to the 10.128.0.0/16 network, without SSH port forwarding and such. The workstation has access to this network. Also, the workstation has the static IP 10.255.255.252 in the VPN.

I see. That makes it clear why you can’t add a route. It would have to go through 192.168.193.29 – your only direct peer on the OpenVPN connection. What is that? Your VPN server?
– Daniel B, Nov 2 '16 at 9:07

@DanielB yes, 192.168.193.29 is the VPN server which I'm connecting to, and it doesn't know about the 10.128.0.0/16 network that I need. Only the workstation 10.255.255.252 knows about it. I thought there should be some way to manage the route using 10.255.255.252?
– Evgeny Veretennikov, Nov 2 '16 at 9:23

When you add a route, you tell your PC about the next hop to the destination. The next hop has to be reachable directly. The next hop device will have the “next next” hop in its routing table and so on. That’s how IP routing works. One way to simplify things would be to switch your OpenVPN topology from p2p/net30 to subnet.
– Daniel B, Nov 2 '16 at 9:35

1 Answer

Connecting directly means that you want to use layer 3 routing. Routing works pretty simply: packets enter the router and exit in the direction determined from the destination address (in normal routing at least). Then they enter the next router and the same process is repeated, until the packet reaches the destination (or hits the wall by not being able to reach it).

This requires that in the forward direction all routers towards 10.128/16 should have a route for 10.128/16 to somewhere (preferably to the next router in the chain). It also requires that all routers on the back path have a route for 192.168.1.0/24 (preferably in the backwards direction) to make it possible for the reply to reach your machine.

Unless you do that properly on all routers in the path (vpn and router) it will not work.

(In the case where you are not administering the middle hops you can use a simple GRE tunnel between localhost and the targets: it uses ~42 bytes of overhead on every packet but is relatively simple to set up, provided you have "intelligent" hosts on both ends.)
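
The forward-path and back-path requirement described in the answer above can be modelled as hop-by-hop longest-prefix lookups. This is an added example, not part of the original answer; the node names, the host addresses 192.168.1.10 and 10.128.0.5, and the simplified routing tables are assumptions built around the addresses mentioned in the thread.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match; returns the next hop name, "local", or None."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), hop) for p, hop in table.items()
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def trace(tables, node, dst, max_hops=16):
    """Forward dst hop by hop; returns (delivered, path of nodes visited)."""
    path = [node]
    for _ in range(max_hops):
        hop = lookup(tables[node], dst)
        if hop is None:
            return False, path          # no route here: packet is dropped
        if hop == "local":
            return True, path           # destination is attached to this node
        node = hop
        path.append(node)
    return False, path                  # hop limit hit: routing loop

def round_trip(tables, src_node, src_ip, dst_ip):
    """The request must arrive AND the reply must find its way back."""
    ok, fwd = trace(tables, src_node, dst_ip)
    if not ok:
        return False, fwd, []
    ok, back = trace(tables, fwd[-1], src_ip)
    return ok, fwd, back

def build(forward=False, back=False):
    # Constructed topology: 192.168.1.10 and 10.128.0.5 are assumed hosts.
    t = {
        "localhost":   {"192.168.1.10/32": "local", "192.168.193.29/32": "vpn-server"},
        "vpn-server":  {"10.255.255.252/32": "workstation"},
        "workstation": {"10.128.0.0/16": "target", "192.168.193.29/32": "vpn-server"},
        "target":      {"10.128.0.5/32": "local"},
    }
    if forward:   # every hop towards 10.128.0.0/16 needs a route for it
        t["localhost"]["10.128.0.0/16"] = "vpn-server"
        t["vpn-server"]["10.128.0.0/16"] = "workstation"
    if back:      # every hop on the way back needs a route for 192.168.1.0/24
        t["target"]["192.168.1.0/24"] = "workstation"
        t["workstation"]["192.168.1.0/24"] = "vpn-server"
        t["vpn-server"]["192.168.1.0/24"] = "localhost"
    return t

if __name__ == "__main__":
    for fwd, back in [(False, False), (True, False), (True, True)]:
        print(fwd, back, round_trip(build(fwd, back), "localhost", "192.168.1.10", "10.128.0.5"))
```

With only the forward routes in place the request reaches the target but the reply is dropped at the first hop that lacks a route for 192.168.1.0/24, which from localhost looks the same as no connectivity at all.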